On 06/28/2013 10:11 AM, Barry Warsaw wrote:
> Another complication is that keys will probably be attached to users, but
> users have relationships with lists across the entire Mailman installation. So
> if it were list owners that were responsible for key management, how does that
> cross list boundaries? What about lists on the same system but in different
> domains? Does the site admin have to delegate key management responsibilities
> to list owners? I can imagine some kind of attack involving a list owner who
> approves a member's key for one list, and then using that to attack other
> lists on the same system. Tricky business.
An OpenPGP certification of a key+userid just means that the certifier
believes that the key belongs to the person who has that user ID
(including the e-mail address). I think the best way to implement
Stephen's suggestion is that in order to be able to post to a
signed-message-only list, a list member must have a key that has been
certified by the list's administrator.

Note that this does *not* mean that a non-list-member whose key has been
certified by the list's administrator can post. List membership and key
certification are orthogonal attributes; both should be needed (plus a
valid signature on the message, of course!) before a message is passed
on to such a list.
--dkg
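The admission rule dkg describes, as an added example that is not part of the original message and not Mailman code: a post is let through only when the sender is subscribed, the sender's key carries a user ID with the sender's address that *this list's* administrator has certified, and the message verifies under that key. Real OpenPGP certifications and message signatures are public-key signatures; as a stand-in that needs no OpenPGP library, the toy below uses HMAC-SHA256 under a per-key secret, which is an assumption of the example and not how OpenPGP works. All names, addresses, fingerprints and the two lists are constructed. The scenario also covers Barry's cross-list concern: a certification made by one list's admin is simply not in another list's table, so it grants nothing there.

```python
"""Toy admission gate for a signed-message-only list (added example, not Mailman code).

Certifications and signatures are HMAC-SHA256 under a per-key secret, a stand-in
for OpenPGP public-key signatures. Every key, address and list below is constructed.
"""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Key:
    fingerprint: str
    userids: frozenset        # user IDs bound to the key, e.g. "Alice <alice@example.org>"
    secret: bytes             # toy stand-in for the private key


def sign(key, data):
    """Toy signature: HMAC over the data under the key's secret."""
    return hmac.new(key.secret, data, hashlib.sha256).digest()


def verify(key, data, sig):
    """Constant-time check of a toy signature; a wrong-length sig is just a mismatch."""
    return hmac.compare_digest(sign(key, data), sig)


def certify(certifier, subject, userid):
    """A certification binds one (key, user ID) pair, as an OpenPGP certification does."""
    return sign(certifier, f"cert:{subject.fingerprint}:{userid}".encode())


@dataclass
class MailingList:
    name: str
    admin_key: Key            # the only key whose certifications this list trusts
    members: set              # subscriber addresses, lower-cased
    certifications: dict      # (fingerprint, userid) -> certification bytes


def address_of(userid):
    """Pull the e-mail address out of a 'Name <addr>' user ID."""
    if "<" in userid and userid.endswith(">"):
        return userid[userid.rindex("<") + 1:-1].lower()
    return userid.strip().lower()


def gate(lst, sender, key, body, sig):
    """Return (accepted, reason). The three checks are independent; all must pass."""
    sender = sender.lower()
    # 1. Membership: a certified key alone does not grant posting rights.
    if sender not in lst.members:
        return False, "sender is not a list member"
    # 2. Certification by *this* list's admin of a user ID carrying the sender address.
    #    A certification from another list's admin is not in this table and fails.
    certified = False
    for uid in key.userids:
        if address_of(uid) != sender:
            continue
        cert = lst.certifications.get((key.fingerprint, uid), b"")
        if verify(lst.admin_key, f"cert:{key.fingerprint}:{uid}".encode(), cert):
            certified = True
            break
    if not certified:
        return False, "key not certified by this list's admin for the sender address"
    # 3. The message itself must verify under the certified key.
    if not verify(key, body, sig):
        return False, "signature does not verify"
    return True, "accepted"


def demo():
    """Constructed scenario: two lists with different admins, four posters."""
    admin_dev = Key("ADMIN-DEV", frozenset({"Dev Owner <dev-owner@lists.example.org>"}), b"dev-admin-secret")
    admin_ops = Key("ADMIN-OPS", frozenset({"Ops Owner <ops-owner@lists.example.org>"}), b"ops-admin-secret")
    alice = Key("FPR-ALICE", frozenset({"Alice <alice@example.org>"}), b"alice-secret")
    bob = Key("FPR-BOB", frozenset({"Bob <bob@example.org>"}), b"bob-secret")
    carol = Key("FPR-CAROL", frozenset({"Carol <carol@example.org>"}), b"carol-secret")
    dave = Key("FPR-DAVE", frozenset({"Dave <dave@other.example>"}), b"dave-secret")

    dev = MailingList("dev", admin_dev, {"alice@example.org", "carol@example.org", "dave@example.org"}, {})
    ops = MailingList("ops", admin_ops, {"alice@example.org"}, {})
    # The dev admin certifies Alice's, Bob's and Dave's key+userid pairs; nobody certifies Carol.
    for k in (alice, bob, dave):
        for uid in k.userids:
            dev.certifications[(k.fingerprint, uid)] = certify(admin_dev, k, uid)

    body = b"Subject: patch for review\n\nPlease have a look.\n"
    return {
        "member, certified, good signature": gate(dev, "alice@example.org", alice, body, sign(alice, body)),
        "certified but not a member": gate(dev, "bob@example.org", bob, body, sign(bob, body)),
        "member but not certified": gate(dev, "carol@example.org", carol, body, sign(carol, body)),
        "member, certified, wrong address": gate(dev, "dave@example.org", dave, body, sign(dave, body)),
        "same key and cert, other list": gate(ops, "alice@example.org", alice, body, sign(alice, body)),
        "member, certified, tampered body": gate(dev, "alice@example.org", alice, body + b"x", sign(alice, body)),
    }


if __name__ == "__main__":
    for case, (ok, why) in demo().items():
        print(f"{'ACCEPT' if ok else 'REJECT':6} {case}: {why}")
```

Only the first case is accepted. The "wrong address" case shows why the certified user ID has to carry the address the member is subscribed under, not merely belong to the same person's key; the "other list" case is the cross-list scenario from the quoted reply, rejected because each list consults only its own admin's certifications.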
_______________________________________________
Mailman-Developers mailing list
[email protected]
http://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org
Security Policy: http://wiki.list.org/x/QIA9
